smengcl commented on code in PR #3381:
URL: https://github.com/apache/ozone/pull/3381#discussion_r877575369
##########
hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/shell/tenant/TenantAssignUserAccessIdHandler.java:
##########
@@ -54,56 +49,35 @@ public class TenantAssignUserAccessIdHandler extends
TenantHandler {
+ "If unspecified, accessId would be in the form of "
+ "TenantName$Principal.",
hidden = true)
- // This option is intentionally hidden for now. Because accessId isn't
- // restricted in any way so far and this could cause some conflict with
- // `s3 getsecret` and leak the secret if an admin isn't careful.
+ // This option is intentionally hidden for now. Because if accessId isn't
+ // restricted in any way this might cause `ozone s3 getsecret` to
+ // unintentionally leak secret if an admin isn't careful.
private String accessId;
- // TODO: HDDS-6340. Add an option to print JSON result
-
- private String getDefaultAccessId(String userPrincipal) {
- return tenantId + TENANT_ID_USERNAME_DELIMITER + userPrincipal;
+ private String getDefaultAccessId(String userPrinc) {
+ return tenantId + TENANT_ID_USERNAME_DELIMITER + userPrinc;
}
@Override
- protected void execute(OzoneClient client, OzoneAddress address) {
- final ObjectStore objStore = client.getObjectStore();
+ protected void execute(OzoneClient client, OzoneAddress address)
+ throws IOException {
if (StringUtils.isEmpty(accessId)) {
- accessId = getDefaultAccessId(userPrincipals.get(0));
- } else if (userPrincipals.size() > 1) {
- err().println("Manually specifying accessId is only supported when there
"
- + "is one user principal in the command line. Reduce the number of "
- + "principal to one and try again.");
- return;
+ accessId = getDefaultAccessId(userPrincipal);
}
- for (int i = 0; i < userPrincipals.size(); i++) {
- final String principal = userPrincipals.get(i);
- try {
- if (i >= 1) {
- accessId = getDefaultAccessId(principal);
- }
- final S3SecretValue resp =
- objStore.tenantAssignUserAccessId(principal, tenantId, accessId);
- err().println("Assigned '" + principal + "' to '" + tenantId +
- "' with accessId '" + accessId + "'.");
- out().println("export AWS_ACCESS_KEY_ID='" +
- resp.getAwsAccessKey() + "'");
- out().println("export AWS_SECRET_ACCESS_KEY='" +
- resp.getAwsSecret() + "'");
- } catch (IOException e) {
- err().println("Failed to assign '" + principal + "' to '" +
- tenantId + "': " + e.getMessage());
- if (e instanceof OMException) {
- final OMException omException = (OMException) e;
- if (omException.getResult().equals(
- OMException.ResultCodes.TENANT_NOT_FOUND)) {
- // If tenant does not exist, don't bother continuing the loop
- break;
- }
- }
- }
+ final S3SecretValue resp = client.getObjectStore()
+ .tenantAssignUserAccessId(userPrincipal, tenantId, accessId);
+
+ out().println(
+ "export AWS_ACCESS_KEY_ID='" + resp.getAwsAccessKey() + "'");
+ out().println(
+ "export AWS_SECRET_ACCESS_KEY='" + resp.getAwsSecret() + "'");
+
+ if (isVerbose()) {
+ err().println("Assigned '" + userPrincipal + "' to '" + tenantId +
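Review bot: The two `export` lines in `execute` interpolate `resp.getAwsAccessKey()` and `resp.getAwsSecret()` into single-quoted shell text without escaping, while the comment above `accessId` says the value is not restricted in any way. If the returned access key echoes a caller-supplied accessId (not visible in this hunk), a value containing `'` would produce output that no longer parses as a plain assignment when an operator evals or sources it. Escaping on output, e.g. `resp.getAwsAccessKey().replace("'", "'\\''")`, or rejecting such an accessId before the `tenantAssignUserAccessId` call would close that; `hidden = true` only removes the option from the help text and does not restrict who can pass it. The body of `execute` continues past the end of the quoted hunk.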
Review Comment:
Same as https://github.com/apache/ozone/pull/3381#discussion_r877107059